
8.1 Finding a Generator for $\mathbb{Z}_p^*$

There is no efficient algorithm known for this problem, unless the prime factorization of $p - 1$ is given, and even then, we must resort to the use of a probabilistic algorithm.

8.1.1 Probabilistic algorithms

A probabilistic algorithm is one that during the course of its execution generates random integers (drawn, say, uniformly from some interval). Generally speaking, the behavior of a probabilistic algorithm depends not only on its input, but also on the particular values of the above-mentioned randomly generated numbers. The running time and output of the algorithm on a given input are properly regarded as random variables.

An efficient probabilistic algorithm for solving a given problem is one which

• for all inputs, outputs the correct answer with probability very close to 1;
• for all inputs, its expected running time is bounded by a polynomial in the input length.

Note that we have not specified in the above requirement just how close to 1 the probability that the output is correct should be. However, it does not really matter (at least, as far as theoretical computer scientists are concerned). If this probability is at least, say, $2/3$, then we can make it at least $1 - 2^{-t}$ by running the algorithm $t^{O(1)}$ times, and taking the majority output. The analysis of this “amplification” procedure relies on standard results on the tail of the binomial distribution, which we do not go into here.

A problem of both philosophical and practical interest is the problem of where we get random numbers from. In practice, no one cares: one just uses a reasonably good pseudo-random number generator, and ignores the problem.

8.1.2 Finding a generator

We now present an efficient probabilistic algorithm that takes as input an odd prime $p$, along with the prime factorization

$$p - 1 = \prod_{i=1}^{r} q_i^{e_i},$$

and outputs a generator for $\mathbb{Z}_p^*$. It runs as follows:

    for $i \leftarrow 1$ to $r$ do
        repeat
            choose $\alpha \in \mathbb{Z}_p^*$ at random
            compute $\beta \leftarrow \alpha^{(p-1)/q_i}$
        until $\beta \neq 1$
        $\gamma_i \leftarrow \alpha^{(p-1)/q_i^{e_i}}$
    $\gamma \leftarrow \prod_{i=1}^{r} \gamma_i$
    output $\gamma$

First, let us analyze the correctness of this algorithm. When the $i$th loop iteration terminates, by construction, we have

$$\gamma_i^{q_i^{e_i}} = 1 \quad \text{but} \quad \gamma_i^{q_i^{e_i - 1}} \neq 1.$$

It follows (cf. Theorem 4.28) that $\gamma_i$ has order $q_i^{e_i}$. From this, it follows (cf. Theorem 4.29) that $\gamma$ has order $p - 1$. Thus, we have shown that if the algorithm terminates, its output is always correct.

Let us now analyze the running time of this algorithm. Consider the repeat/until loop in the $i$th iteration of the outer loop. Since the kernel of the $(p-1)/q_i$-power map on $\mathbb{Z}_p^*$ has order $(p-1)/q_i$, the probability that a random $\alpha \in \mathbb{Z}_p^*$ lies in the kernel is $1/q_i$. It follows that the expected number of iterations of the repeat/until loop is $O(1)$, and therefore, the expected running time of the entire algorithm is $O(r L(p)^3)$, and since $r \le \log_2 p$, this is $O(L(p)^4)$.
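
The algorithm of 8.1.2 written out in Python, as an added example that is not part of the original text. The function names, the use of `secrets` as the random source, and the sample primes 73 and 65537 are choices made here; `is_generator` uses the standard test that $g$ generates $\mathbb{Z}_p^*$ exactly when $g^{(p-1)/q} \neq 1$ for every prime $q$ dividing $p - 1$, and `brute_force_order` is an independent check for small $p$.

```python
import secrets

def find_generator(p, factors):
    """Return a generator of Z_p^*; factors maps each prime q_i to e_i, with
    prod(q_i**e_i) == p - 1. Primality of p and the q_i is assumed, not checked."""
    n = p - 1
    prod = 1
    for q, e in factors.items():
        prod *= q ** e
    if prod != n:
        raise ValueError("factors do not multiply to p - 1")
    gamma = 1
    for q, e in factors.items():
        while True:                               # repeat ... until beta != 1
            alpha = 1 + secrets.randbelow(n)      # uniform over {1, ..., p-1}
            if pow(alpha, n // q, p) != 1:        # beta = alpha^((p-1)/q_i)
                break
        gamma_i = pow(alpha, n // q ** e, p)      # has order exactly q_i^e_i
        gamma = gamma * gamma_i % p
    return gamma

def is_generator(g, p, factors):
    """g generates Z_p^* iff g^((p-1)/q) != 1 for every prime q dividing p - 1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors)

def brute_force_order(g, p):
    """Multiplicative order of g mod p by repeated multiplication (small p only)."""
    k, x = 1, g % p
    while x != 1:
        x = x * g % p
        k += 1
    return k

if __name__ == "__main__":
    # Constructed sample inputs: 73 - 1 = 2^3 * 3^2 and 65537 - 1 = 2^16.
    for p, factors in [(73, {2: 3, 3: 2}), (65537, {2: 16})]:
        g = find_generator(p, factors)
        print(p, g, is_generator(g, p, factors), brute_force_order(g, p) == p - 1)
```
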